Package: bind9 Version: 9.2.4-1sarge1 9.3.2-P1.0-1 9.3.3-1 9.4.0~rc1.0-3 Tags: security Severity: grave
Hello They say "severity low" but if someone causes all nameservers of my internet provider to "exit unintentionally" continuously, I guess that becomes a pretty big problem :-) bye, -christian- > ----- "Mark Andrews" <[EMAIL PROTECTED]> wrote: > > Internet Systems Consortium Security Advisory. > > BIND 9: dereferencing freed fetch context > > 12 January 2007 > > > > Versions affected: > > > > BIND 9.3.0, 9.3.1, 9.3.2, 9.3.3 > > BIND 9.4.0a1, 9.4.0a2, 9.4.0a3, 9.4.0a4, 9.4.0a5, 9.4.0a6, 9.4.0b1 > > 9.4.0b2, 9.4.0b3, 9.4.0b4, 9.4.0rc1 > > BIND 9.5.0a1 (Bind Forum only) > > > > Severity: Low > > Exploitable: Remotely > > > > Description: > > > > It is possible for the named to dereference (read) a freed > > fetch context. This can cause named to exit unintentionally. > > > > Workaround: > > > > Disable / restrict recursion (to limit exposure). > > > > Fix: > > > > Upgrade to BIND 9.2.8, BIND 9.3.4 or BIND 9.4.0rc2. > > Additionally this will be fixed in the upcoming BIND 9.5.0a2. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
